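---
# Sets up OpenStack Nova on the local host: creates the nova account and its
# working directories, renders the configuration templates into /etc/nova,
# registers the service with Keystone, prepares the PostgreSQL database and
# enables the Nova services.
- hosts: localhost
  # NOTE(review): this file presumably defines the NOVA_*, KEYSTONE_* and
  # CONTROLLER_HOST_ADDRESS variables used below, i.e. it holds passwords and
  # the Keystone admin token. Confirm it is readable only by the account that
  # runs this playbook.
  vars_files:
    - "/etc/openstack/nova.conf"
  tasks:
    # Service account with no login shell; 'append' keeps any groups the
    # account already has and adds libvirt to them.
    - name: Create the nova user.
      user:
        name: nova
        comment: Openstack Nova Daemons
        shell: /sbin/nologin
        home: /var/lib/nova
        groups: libvirt
        append: true

    - name: Create the /var folders for nova
      file:
        path: "{{ item }}"
        state: directory
        owner: nova
        group: nova
      with_items:
        - /var/run/nova
        - /var/lock/nova
        - /var/log/nova
        - /var/lib/nova
        - /var/lib/nova/instances

    # NOTE(review): no owner, group or mode is set here or on the templates
    # rendered below, so /etc/nova and its files get the defaults of the user
    # running the play. If the templates embed NOVA_DB_PASSWORD or the service
    # password, set an explicit restrictive mode - confirm against the
    # templates, which are not visible here.
    - name: Create the /etc/nova configuration directory
      file:
        path: /etc/nova
        state: directory

    # One template task per file found under /usr/share/openstack/nova; the
    # relative path printed by find is reused as the destination path.
    - name: Add the configuration needed for nova in /etc/nova using templates
      template:
        src: "/usr/share/openstack/nova/{{ item }}"
        dest: "/etc/nova/{{ item }}"
      with_lines:
        - cd /usr/share/openstack/nova && find -type f

    # The Keystone and database tasks below carry a password or the admin
    # token in their arguments; no_log keeps those values out of task output
    # and logs. Remove it temporarily when a failure needs to be debugged.
    - name: Create nova service user in service tenant
      keystone_user:
        user: "{{ NOVA_SERVICE_USER }}"
        password: "{{ NOVA_SERVICE_PASSWORD }}"
        tenant: service
        token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
      no_log: true

    - name: Assign admin role to nova service user in the service tenant
      keystone_user:
        role: admin
        user: "{{ NOVA_SERVICE_USER }}"
        tenant: service
        token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
      no_log: true

    # NOTE(review): all three endpoint URLs use plain http, so API traffic
    # (including tokens) is unencrypted unless TLS is terminated elsewhere -
    # confirm for the target deployment.
    - name: Add nova endpoint
      keystone_service:
        name: nova
        type: compute
        description: Openstack Compute Service
        publicurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
        internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
        adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
        region: 'regionOne'
        token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
      no_log: true

    - name: Create postgresql user for nova
      postgresql_user:
        name: "{{ NOVA_DB_USER }}"
        login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
        password: "{{ NOVA_DB_PASSWORD }}"
      sudo: true
      sudo_user: nova
      no_log: true

    - name: Create database for nova services
      postgresql_db:
        name: nova
        owner: "{{ NOVA_DB_USER }}"
        login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
      sudo: true
      sudo_user: nova

    - name: Initiate nova database
      nova_manage:
        action: dbsync
      sudo: true
      sudo_user: nova

    # [1] Never enable openstack-nova-conductor service in a node with
    # openstack-nova-compute or the security benefits of removing
    # database access from nova-compute will be negated
    # systemctl start openstack-nova-conductor
    - name: Enable and start openstack-nova services
      service:
        name: "{{ item }}"
        enabled: true
        state: started
      with_items:
        - openstack-nova-api.service
        - openstack-nova-cert.service
        - openstack-nova-compute.service
        - openstack-nova-consoleauth.service
        - openstack-nova-novncproxy.service
        - openstack-nova-scheduler.service
        - openstack-nova-serialproxy.service
        # Deliberately left out, see [1] above:
        # - openstack-nova-conductor.service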